11 posts tagged with "dhorvath"

· 6 min read
David Horvath

In my previous blogs, I outlined how the Frame™ Bring Your Own (BYO) Networking capability in Amazon Web Services (AWS) could be used to deploy a Frame account in a manner that would allow Frame-managed workload VMs to be connected to an existing private network. The recent addition of Frame Remoting Protocol (FRP) 8 has changed some of the ports and protocols used for workload connectivity. In this blog, I will provide an update on how the Frame Streaming Gateway Appliance (SGA) interacts with the new FRP8 networking environment.

· 4 min read
David Horvath

The Nutanix® Frame® Desktop-as-a-Service (DaaS) solution allows administrators to create pools of non-persistent desktops and applications for use by internal and external users. When used on one of the public cloud infrastructures – AWS®, Azure® or GCP® clouds – this service can scale out very quickly and increase an organization's capacity to support a variety of use cases.

One use case provides applications for training or tradeshow/conference demonstration purposes on a temporary basis. In this use case, it can become important to close all the active sessions on a Frame account to allow deprovisioning of the cloud resources. This blog will step you through how the Frame admin API can be used to accomplish this objective via a PowerShell script.

· 8 min read
David Horvath

Nutanix Frame® Desktop-as-a-Service (DaaS) has long supported private network workloads via the implementation of a Streaming Gateway Appliance (SGA). On public cloud infrastructure, this capability can be automatically deployed upon account creation. As a part of this process, the Frame platform creates a Network Address Translation (NAT) Gateway to ensure that the workloads have a way to communicate back to the Frame control plane residing on the Internet. When deployed, this NAT Gateway does not give network administrators the ability to control or restrict the outbound web traffic of the workloads. By combining an autodeployed SGA with the Amazon® Web Services (AWS) Network Firewall solution, a network administrator can get fine-grained control of the outbound web traffic for Frame-managed workloads and still allow them to contact the Frame control plane. This blog will demonstrate how this can be done.

· 6 min read
David Horvath

Frame® Desktop-as-a-Service (DaaS) provides a detailed scheduling capability to ensure that Frame accounts are able to deliver just-in-time production capacity while minimizing the additional cost of having idle cloud capacity. However, Frame does not currently have a built-in feature to alert administrators when an existing production pool is running out of provisioned capacity. This might lead to users not being able to connect to a session because all of the VMs in the production pool are in use at that moment. This blog will demonstrate how the Frame Admin API can be used to monitor the actual number of concurrent sessions and send a message to a Slack® channel when the number of active sessions reaches a certain percentage of the provisioned capacity of a Frame production pool.

· 5 min read
David Horvath

Nutanix's Frame® desktop-as-a-service, with its ability to deliver virtual desktops and applications on non-persistent virtual machines, is a key part of the security posture of many customers. When combined with Frame application mode, which eliminates the Windows® Desktop and focuses the end user on a single set of published applications, Frame provides enterprises with a secure way to deliver Windows applications and not lose control of the underlying data. As a part of our Enterprise Profiles capability, Nutanix released a feature that allows Frame administrators to further secure their Frame environment by forcing users with Enterprise Profiles to be logged in as a non-administrative local Windows user. Recently, this feature has been turned into a setting that can be applied to any Frame account that is not using the Frame Domain Join feature.

· 9 min read
David Horvath
Thang Nguyen

The Nutanix Frame™ Platform records session and audit log information on the actions users and administrators take in the Frame Desktop-as-a-Service (DaaS) solution. This session and audit log information is available for download from the Frame Console. Enterprises often want to combine this session and audit event data with information from other sources within their Security Information and Event Management (SIEM) solution in order to obtain a more comprehensive view of what is occurring in their enterprise. In this blog, we will demonstrate how the Frame Admin API can be used within a PowerShell script to retrieve audit data from Frame and insert it into the Splunk® event manager, one of the more popular SIEMs on the market.

· 8 min read
David Horvath

The Nutanix Frame™ Desktop as a Service (DaaS) solution supports multiple networking models. One of the more popular networking models for enterprises is the Frame Private networking model. This model allows the Frame workload VMs to have private IP addresses on the enterprise private network and access private networking resources, and it is the simplest way to inherit existing network security processes.

However, remote users still need a way to connect to these private networks. The traditional way of implementing this access is to deploy a VPN, but that requires implementing and maintaining software on the user endpoint devices, and VPN connections can overload security products like firewalls.

Frame offers a Streaming Gateway Appliance (SGA) to meet this need, but some enterprises may wish to take advantage of the “security as a service” model offered by Zscaler, Inc. Zscaler offers a “DMZ as a service” solution that can provide DMZ-type functionality without the complication involved in many DMZ deployments. The Zscaler® service maintains many certifications required by government agencies, and it meets the rigorous standards required by the most security-conscious organizations.

In this blog you will learn how Zscaler Private Access (ZPA) and Frame DaaS can work together to provide a remote access solution to a private cloud with a simplified administrative model while maintaining a high level of security.

· 6 min read
David Horvath

As enterprises continue to expand their IT footprint into the public clouds, extending existing private networking infrastructure into the public cloud has become more critical. To address the flexibility that this requires, Nutanix has added a Bring Your Own (BYO) Networking feature to its Frame™ Desktop-as-a-Service (DaaS) solution. In a previous blog, I walked through how to use this feature in the AWS® platform. In this blog, I will walk you through how an environment could be set up in an Azure® cloud infrastructure. Integration of your Frame-managed workloads with an actual private network depends on the specific implementation of your private network.

· 7 min read
David Horvath

In my previous blog, I outlined how the Nutanix Frame™ Bring Your Own (BYO) Networking capability in Amazon Web Services (AWS) could be used to deploy a Frame account in a manner that would allow it to be connected to an existing private network. In that post, I deployed an RDP bastion server so that I could access those private Frame workloads from an internet-based machine, since I had no private network.

In this blog, I will demonstrate how the Frame automated Streaming Gateway Appliance (SGA) deployment capability can be used to grant internet access to those same private workloads so that I no longer need the RDP bastion server to access the private network.

· 8 min read
David Horvath

As enterprises continue to expand their IT footprint into the public clouds, extending existing private networking infrastructure into the cloud has become more critical. To address the flexibility that this requires, Nutanix has added a Bring Your Own (BYO) Networking feature to its Frame® Desktop-as-a-Service (DaaS) solution. In this blog, I walk you through how a test environment could be set up in an AWS® infrastructure to familiarize a Frame administrator with how this feature works. Integration into an actual private network depends on the specific implementation of that network.

BYO networking is useful when an enterprise wants to grant external or temporary access to internal resources. By leveraging a public cloud service like AWS, an enterprise can “rent” public-facing computing resources and grant users access to files or software anywhere in the world. It can also be used as “surge capacity” to grant access to more full-term employees who need it to perform their jobs but are denied access to the physical locations where the private network has been deployed.

You can find details on the network requirements for using Frame in a BYO networking scenario at Public Cloud with Private Networking.